From owner-svn-src-all@FreeBSD.ORG Sat Oct 27 01:20:49 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 613FA1CC; Sat, 27 Oct 2012 01:20:49 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 3E8308FC19; Sat, 27 Oct 2012 01:20:49 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q9R1KnJL051342; Sat, 27 Oct 2012 01:20:49 GMT (envelope-from eadler@svn.freebsd.org) Received: (from eadler@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q9R1Kmh2051327; Sat, 27 Oct 2012 01:20:48 GMT (envelope-from eadler@svn.freebsd.org) Message-Id: <201210270120.q9R1Kmh2051327@svn.freebsd.org> From: Eitan Adler Date: Sat, 27 Oct 2012 01:20:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org Subject: svn commit: r242165 - in stable/7: libexec/tftpd sbin/ccdconfig sbin/restore usr.bin/lock usr.bin/msgs usr.bin/wall usr.sbin/edquota usr.sbin/kgmon X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Oct 2012 01:20:49 -0000 Author: eadler Date: Sat Oct 27 01:20:48 2012 New Revision: 242165 URL: http://svn.freebsd.org/changeset/base/242165 Log: MFC r241848: Check the return error of set[e][ug]id. While this can never fail in the current version of FreeBSD, this isn't guarenteed by the API. Custom security modules, or future implementations of the setuid and setgid may fail. Approved by: cperciva (implicit) Modified: stable/7/libexec/tftpd/tftpd.c stable/7/sbin/ccdconfig/ccdconfig.c stable/7/sbin/restore/tape.c stable/7/usr.bin/lock/lock.c stable/7/usr.bin/msgs/msgs.c stable/7/usr.bin/wall/wall.c stable/7/usr.sbin/edquota/edquota.c stable/7/usr.sbin/kgmon/kgmon.c Directory Properties: stable/7/libexec/tftpd/ (props changed) stable/7/sbin/ccdconfig/ (props changed) stable/7/sbin/restore/ (props changed) stable/7/usr.bin/lock/ (props changed) stable/7/usr.bin/msgs/ (props changed) stable/7/usr.bin/wall/ (props changed) stable/7/usr.sbin/edquota/ (props changed) stable/7/usr.sbin/kgmon/ (props changed) Modified: stable/7/libexec/tftpd/tftpd.c ============================================================================== --- stable/7/libexec/tftpd/tftpd.c Sat Oct 27 01:20:48 2012 (r242164) +++ stable/7/libexec/tftpd/tftpd.c Sat Oct 27 01:20:48 2012 (r242165) @@ -371,7 +371,10 @@ main(int argc, char *argv[]) } chdir("/"); setgroups(1, &nobody->pw_gid); - setuid(nobody->pw_uid); + if (setuid(nobody->pw_uid) != 0) { + tftp_log(LOG_ERR, "setuid failed"); + exit(1); + } } len = sizeof(me_sock); Modified: stable/7/sbin/ccdconfig/ccdconfig.c ============================================================================== --- stable/7/sbin/ccdconfig/ccdconfig.c Sat Oct 27 01:20:48 2012 (r242164) +++ stable/7/sbin/ccdconfig/ccdconfig.c Sat Oct 27 01:20:48 2012 (r242165) @@ -289,13 +289,16 @@ do_all(int action) rval = 0; egid = getegid(); - setegid(getgid()); + if (setegid(getgid()) != 0) + err(1, "setegid failed"); if ((f = fopen(ccdconf, "r")) == NULL) { - setegid(egid); + if (setegid(egid) != 0) + err(1, "setegid failed"); warn("fopen: %s", ccdconf); return (1); } - setegid(egid); + if (setegid(egid) != 0) + err(1, "setegid failed"); while (fgets(line, sizeof(line), f) != NULL) { argc = 0; Modified: stable/7/sbin/restore/tape.c ============================================================================== --- stable/7/sbin/restore/tape.c Sat Oct 27 01:20:48 2012 (r242164) +++ stable/7/sbin/restore/tape.c Sat Oct 27 01:20:48 2012 (r242165) @@ -164,7 +164,11 @@ setinput(char *source, int ispipecommand } pipein++; } - setuid(getuid()); /* no longer need or want root privileges */ + /* no longer need or want root privileges */ + if (setuid(getuid()) != 0) { + fprintf(stderr, "setuid failed\n"); + done(1); + } magtape = strdup(source); if (magtape == NULL) { fprintf(stderr, "Cannot allocate space for magtape buffer\n"); Modified: stable/7/usr.bin/lock/lock.c ============================================================================== --- stable/7/usr.bin/lock/lock.c Sat Oct 27 01:20:48 2012 (r242164) +++ stable/7/usr.bin/lock/lock.c Sat Oct 27 01:20:48 2012 (r242165) @@ -130,7 +130,9 @@ main(int argc, char **argv) } timeout.tv_sec = sectimeout * 60; - setuid(getuid()); /* discard privs */ + /* discard privs */ + if (setuid(getuid()) != 0) + errx(1, "setuid failed"); if (tcgetattr(0, &tty)) /* get information for header */ exit(1); Modified: stable/7/usr.bin/msgs/msgs.c ============================================================================== --- stable/7/usr.bin/msgs/msgs.c Sat Oct 27 01:20:48 2012 (r242164) +++ stable/7/usr.bin/msgs/msgs.c Sat Oct 27 01:20:48 2012 (r242165) @@ -178,7 +178,8 @@ main(int argc, char *argv[]) setlocale(LC_ALL, ""); time(&t); - setuid(uid = getuid()); + if (setuid(uid = getuid()) != 0) + err(1, "setuid failed"); ruptible = (signal(SIGINT, SIG_IGN) == SIG_DFL); if (ruptible) signal(SIGINT, SIG_DFL); Modified: stable/7/usr.bin/wall/wall.c ============================================================================== --- stable/7/usr.bin/wall/wall.c Sat Oct 27 01:20:48 2012 (r242164) +++ stable/7/usr.bin/wall/wall.c Sat Oct 27 01:20:48 2012 (r242165) @@ -249,7 +249,8 @@ makemsg(char *fname) setegid(getgid()); if (freopen(fname, "r", stdin) == NULL) err(1, "can't read %s", fname); - setegid(egid); + if (setegid(egid) != 0) + err(1, "setegid failed"); } cnt = 0; while (fgets(lbuf, sizeof(lbuf), stdin)) { Modified: stable/7/usr.sbin/edquota/edquota.c ============================================================================== --- stable/7/usr.sbin/edquota/edquota.c Sat Oct 27 01:20:48 2012 (r242164) +++ stable/7/usr.sbin/edquota/edquota.c Sat Oct 27 01:20:48 2012 (r242165) @@ -524,8 +524,10 @@ editit(tmpf) register const char *ed; sigsetmask(omask); - setgid(getgid()); - setuid(getuid()); + if (setgid(getgid()) != 0) + err(1, "setgid failed"); + if (setuid(getuid()) != 0) + err(1, "setuid failed"); if ((ed = getenv("EDITOR")) == (char *)0) ed = _PATH_VI; execlp(ed, ed, tmpf, (char *)0); Modified: stable/7/usr.sbin/kgmon/kgmon.c ============================================================================== --- stable/7/usr.sbin/kgmon/kgmon.c Sat Oct 27 01:20:48 2012 (r242164) +++ stable/7/usr.sbin/kgmon/kgmon.c Sat Oct 27 01:20:48 2012 (r242165) @@ -90,7 +90,9 @@ main(int argc, char **argv) struct kvmvars kvmvars; char *system, *kmemf; - seteuid(getuid()); + if (seteuid(getuid()) != 0) { + err(1, "seteuid failed\n"); + } kmemf = NULL; system = NULL; while ((ch = getopt(argc, argv, "M:N:Bbhpr")) != -1) {